On December 29th, Microsoft released Security Bulletin MS11-100 to address a publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. For details about the vulnerabilities, affected software and update information, see MS11-100 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420).
We have completed testing of the security updates on Exchange 2010, Exchange 2007 and Exchange 2003 servers running on the corresponding supported versions of Windows Server – Windows 2008 R2, Windows 2008 and Windows 2003.
We recommend that customers apply the corresponding security update for Windows Server (listed in the security bulletin) on their Exchange 2010, Exchange 2007 and Exchange 2003 servers.